Fuyang Lipengjun Platform Improper Authorization Vulnerability in AttributeController
Vulnerability
Fuyang Lipengjun Platform version 1.0 contains an improper authorization vulnerability in the queryAll function of AttributeController, and it can be exploited remotely. The queryAll method performs no permission check, so any authenticated user can retrieve the complete list of attribute information, which should be restricted to users with administrative privileges. This unauthorized access results in disclosure of sensitive information.
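A source audit for this class of flaw, as an added example that is not code from the platform or from this advisory: it scans controller source for routed handler methods that carry no permission annotation. It assumes a Spring MVC style controller guarded by Shiro or Spring Security annotations (`@RequiresPermissions`, `@RequiresRoles`, `@PreAuthorize`); the sample controller, its `R` return type, the permission string and the function name `unguarded_handlers` are constructed for illustration.

```python
import re

# Constructed sample (not the platform's source): a Spring-style controller in
# which one handler lacks the permission annotation its sibling carries.
SAMPLE_CONTROLLER = '''
@RestController
@RequestMapping("attribute")
public class AttributeController {
    @RequestMapping("/list")
    @RequiresPermissions("attribute:list")
    public R list(@RequestParam Map<String, Object> params) { return R.ok(); }

    @RequestMapping("/queryAll")
    public R queryAll(@RequestParam Map<String, Object> params) { return R.ok(); }
}
'''

# Assumed annotation names: Spring MVC mappings, Shiro / Spring Security guards.
ROUTE = re.compile(r'@(?:Request|Get|Post|Put|Delete)Mapping\(\s*(?:value\s*=\s*)?"([^"]*)"')
GUARD = re.compile(r'@(?:RequiresPermissions|RequiresRoles|PreAuthorize)\b')
METHOD = re.compile(r'^\s*public\s+[\w<>\[\], ?]+\s+(\w+)\s*\(')
CLASS = re.compile(r'^\s*(?:public\s+)?(?:final\s+)?class\s+\w+')

def unguarded_handlers(java_source):
    """Return (method, path) for each routed handler with no permission annotation."""
    findings, pending, base, class_guard = [], [], "", False
    for line in java_source.splitlines():
        stripped = line.strip()
        if stripped.startswith("@"):
            pending.append(stripped)      # collect annotations until a declaration
            continue
        if CLASS.match(line):
            joined = " ".join(pending)
            m = ROUTE.search(joined)
            base = m.group(1).strip("/") if m else ""
            class_guard = bool(GUARD.search(joined))  # class-level guard covers every method
            pending = []
            continue
        m = METHOD.match(line)
        if m:
            joined = " ".join(pending)
            route = ROUTE.search(joined)
            if route and not class_guard and not GUARD.search(joined):
                path = "/" + "/".join(p for p in (base, route.group(1).strip("/")) if p)
                findings.append((m.group(1), path))
        if stripped:
            pending = []                  # any other code line resets the annotation buffer
    return findings
```

Run against the real controller sources in CI, any finding is a handler that needs either a permission annotation or an explicit entry in a reviewed allow-list of intentionally open endpoints.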
Impact
Exploitation of this vulnerability allows for unauthorized access to attribute data, which could include sensitive information, depending on the application's context.
Reproduction
To reproduce this vulnerability, log into the application with any user account, including those with low privileges. Then, send a GET request to the /attribute/queryAll endpoint. The server will respond with a complete list of attribute information, which should typically be restricted to users with administrative privileges.
